/* settings.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* Note, this file should not be edited to activate/deactivate features.
*
* Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS
*
* or
*
* ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]"
*
* To build using a custom configuration method, define WOLFSSL_CUSTOM_CONFIG
*
* For more information see:
*
* https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/
*/
/* Place OS specific preprocessor flags, defines, includes here, will be
included into every file because types.h includes it */
#ifndef WOLF_CRYPT_SETTINGS_H
#define WOLF_CRYPT_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \
defined(BUILDING_WOLFSSL) && !defined(LIBWOLFSSL_SOURCES_H) && \
!defined(LIBWOLFSSL_SOURCES_ASM_H)
#error settings.h included before libwolfssl_sources[_asm].h.
#endif
/* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of
* application code, rather than the application including it directly. This is
* not defined when compiling wolfSSL library objects, which are configured
* through CFLAGS.
*/
#if (defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)) && \
!defined(WOLFSSL_NO_OPTIONS_H)
#include <wolfssl/options.h>
#endif
/* Uncomment next line if using IPHONE */
/* #define IPHONE */
/* Uncomment next line if using ThreadX */
/* #define THREADX */
/* Uncomment next line if using Micrium uC/OS-III */
/* #define MICRIUM */
/* Uncomment next line if using Deos RTOS*/
/* #define WOLFSSL_DEOS*/
/* Uncomment next line if using Mbed */
/* #define MBED */
/* Uncomment next line if using Microchip PIC32 ethernet starter kit */
/* #define MICROCHIP_PIC32 */
/* Uncomment next line if using Microchip TCP/IP stack, version 5 */
/* #define MICROCHIP_TCPIP_V5 */
/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
/* #define MICROCHIP_TCPIP */
/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
/* #define MICROCHIP_TCPIP_BSD_API */
/* Uncomment next line if using PIC32MZ Crypto Engine */
/* #define WOLFSSL_MICROCHIP_PIC32MZ */
/* Uncomment next line if using FreeRTOS */
/* #define FREERTOS */
/* Uncomment next line if using FreeRTOS+ TCP */
/* #define FREERTOS_TCP */
/* Uncomment next line if using FreeRTOS Windows Simulator */
/* #define FREERTOS_WINSIM */
/* Uncomment next line if using RTIP */
/* #define EBSNET */
/* Uncomment next line if using lwip */
/* #define WOLFSSL_LWIP */
/* Uncomment next line if building wolfSSL for a game console */
/* #define WOLFSSL_GAME_BUILD */
/* Uncomment next line if building wolfSSL for LSR */
/* #define WOLFSSL_LSR */
/* Uncomment next line if building for Freescale Classic MQX version 5.0 */
/* #define FREESCALE_MQX_5_0 */
/* Uncomment next line if building for Freescale Classic MQX version 4.0 */
/* #define FREESCALE_MQX_4_0 */
/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
/* #define FREESCALE_MQX */
/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
/* #define FREESCALE_KSDK_MQX */
/* Uncomment next line if building for Freescale KSDK Bare Metal */
/* #define FREESCALE_KSDK_BM */
/* Uncomment next line if building for Freescale KSDK FreeRTOS, */
/* (old name FREESCALE_FREE_RTOS) */
/* #define FREESCALE_KSDK_FREERTOS */
/* Uncomment next line if using STM32F2 */
/* #define WOLFSSL_STM32F2 */
/* Uncomment next line if using STM32F4 */
/* #define WOLFSSL_STM32F4 */
/* Uncomment next line if using STM32FL */
/* #define WOLFSSL_STM32FL */
/* Uncomment next line if using STM32F7 */
/* #define WOLFSSL_STM32F7 */
/* Uncomment next line if using QL SEP settings */
/* #define WOLFSSL_QL */
/* Uncomment next line if building for EROAD */
/* #define WOLFSSL_EROAD */
/* Uncomment next line if building for IAR EWARM */
/* #define WOLFSSL_IAR_ARM */
/* Uncomment next line if building for Rowley CrossWorks ARM */
/* #define WOLFSSL_ROWLEY_ARM */
/* Uncomment next line if using TI-RTOS settings */
/* #define WOLFSSL_TIRTOS */
/* Uncomment next line if building with PicoTCP */
/* #define WOLFSSL_PICOTCP */
/* Uncomment next line if building for PicoTCP demo bundle */
/* #define WOLFSSL_PICOTCP_DEMO */
/* Uncomment next line if building for uITRON4 */
/* #define WOLFSSL_uITRON4 */
/* Uncomment next line if building for uT-Kernel */
/* #define WOLFSSL_uTKERNEL2 */
/* Uncomment next line if using Max Strength build */
/* #define WOLFSSL_MAX_STRENGTH */
/* Uncomment next line if building for VxWorks */
/* #define WOLFSSL_VXWORKS */
/* Uncomment next line if building for Nordic nRF5x platform */
/* #define WOLFSSL_NRF5x */
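/* Uncomment next line to enable deprecated, less secure static DH suites
 * (the key-exchange key is fixed, so sessions have no forward secrecy) */
/* #define WOLFSSL_STATIC_DH */
/* Uncomment next line to enable deprecated, less secure static RSA suites
 * (RSA key transport, so sessions have no forward secrecy) */
/* #define WOLFSSL_STATIC_RSA */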
/* Uncomment next line if building for ARDUINO */
/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
/* #define WOLFSSL_ARDUINO */
/* #define INTEL_GALILEO */
/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
/* #define WOLFSSL_ASYNC_CRYPT */
/* Uncomment next line if building for uTasker */
/* #define WOLFSSL_UTASKER */
/* Uncomment next line if building for embOS */
/* #define WOLFSSL_EMBOS */
/* Uncomment next line if building for RIOT-OS */
/* #define WOLFSSL_RIOT_OS */
/* Uncomment next line if building for using XILINX hardened crypto */
/* #define WOLFSSL_XILINX_CRYPT */
/* Uncomment next line if building for using XILINX */
/* #define WOLFSSL_XILINX */
/* Uncomment next line if building for WICED Studio. */
/* #define WOLFSSL_WICED */
/* Uncomment next line if building for Nucleus 1.2 */
/* #define WOLFSSL_NUCLEUS_1_2 */
/* Uncomment next line if building for Nucleus Plus 2.3 */
/* #define NUCLEUS_PLUS_2_3 */
/* Uncomment next line if building for using Apache mynewt */
/* #define WOLFSSL_APACHE_MYNEWT */
/* For Espressif chips see example user_settings.h
*
* https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/user_settings.h
*/
/* Uncomment next line if building for using ESP-IDF */
/* #define WOLFSSL_ESPIDF */
/* Uncomment next line if using Espressif ESP32-WROOM-32 */
/* #define WOLFSSL_ESP32 */
/* Uncomment next line if using Espressif ESP32-WROOM-32SE */
/* #define WOLFSSL_ESPWROOM32SE */
/* Uncomment next line if using ARM CRYPTOCELL*/
/* #define WOLFSSL_CRYPTOCELL */
/* Uncomment next line if using RENESAS TSIP */
/* #define WOLFSSL_RENESAS_TSIP */
/* Uncomment next line if using RENESAS RX64N */
/* #define WOLFSSL_RENESAS_RX65N */
/* Uncomment next line if using RENESAS SCE Protected Mode */
/* #define WOLFSSL_RENESAS_SCEPROTECT */
/* Uncomment next line if using RENESAS RA6M4 */
/* #define WOLFSSL_RENESAS_RA6M4 */
/* Uncomment next line if using RENESAS RX64 hardware acceleration */
/* #define WOLFSSL_RENESAS_RX64_HASH */
/* Uncomment next line if using Solaris OS*/
/* #define WOLFSSL_SOLARIS */
/* Uncomment next line if building for Linux Kernel Module */
/* #define WOLFSSL_LINUXKM */
/* Uncomment next line if building for devkitPro */
/* #define DEVKITPRO */
/* Uncomment next line if building for Dolphin Emulator */
/* #define DOLPHIN_EMULATOR */
/* Uncomment next line if building for WOLFSSL_NDS */
/* #define WOLFSSL_NDS */
/* Uncomment next line if using MAXQ1065 */
/* #define WOLFSSL_MAXQ1065 */
/* Uncomment next line if using MAXQ108x */
/* #define WOLFSSL_MAXQ108X */
/* Uncomment next line if using Raspberry Pi RP2040 or RP2350 */
/* #define WOLFSSL_RPIPICO */
/* Check PLATFORMIO first, as it may define other known environments. */
#ifdef PLATFORMIO
#ifdef ESP_PLATFORM
/* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
#endif /* ESP_PLATFORM */
/* Ensure all PlatformIO boards have the wolfSSL user_setting.h enabled. */
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif /* WOLFSSL_USER_SETTINGS */
/* Similar to Arduino we have limited build control, so suppress warning */
#undef WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_IGNORE_FILE_WARN
#endif
#if defined(ARDUINO)
/* Due to limited build control, we'll ignore file warnings. */
/* See https://github.com/arduino/arduino-cli/issues/631 */
#undef WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_IGNORE_FILE_WARN
/* we don't have the luxury of compiler options, so manually define */
#if defined(__arm__)
#undef WOLFSSL_ARDUINO
#define WOLFSSL_ARDUINO
/* ESP32? */
#endif
#undef FREERTOS
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif /* WOLFSSL_USER_SETTINGS */
/* board-specific */
#if defined(__AVR__)
#define WOLFSSL_USER_IO
#define WOLFSSL_NO_SOCK
#define NO_WRITEV
/* boards less than 32 bit int get tripped up on long OID values */
#define WC_16BIT_CPU
#define WOLFSSL_OLD_OID_SUM
#elif defined(__SAM3X8E__)
#define WOLFSSL_NO_ATOMIC
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_WRITEV
#elif defined(__arm__)
#define WOLFSSL_NO_SOCK
#define NO_WRITEV
#elif defined(ESP32)
/* assume sockets available */
#elif defined(ESP8266)
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_WRITEV
#else
#define WOLFSSL_NO_SOCK
#endif
#endif
#if !defined(WOLFSSL_CUSTOM_CONFIG) && \
((defined(BUILDING_WOLFSSL) && defined(WOLFSSL_USE_OPTIONS_H)) || \
(defined(BUILDING_WOLFSSL) && defined(WOLFSSL_OPTIONS_H) && \
!defined(EXTERNAL_OPTS_OPENVPN)))
#warning wolfssl/options.h included in compiled wolfssl library object.
#endif
#ifdef WOLFSSL_USER_SETTINGS
#include "user_settings.h"
#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
/* STM Configuration File (generated by CubeMX) */
#include "wolfSSL.I-CUBE-wolfSSL_conf.h"
#elif defined(NUCLEUS_PLUS_2_3)
/* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */
#include "nucleus.h"
#include "os/networking/ssl/lite/cyassl_nucleus_defs.h"
#elif !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_OPTIONS_H) && \
!defined(WOLFSSL_NO_OPTIONS_H) && !defined(WOLFSSL_CUSTOM_CONFIG)
/* This warning indicates that wolfSSL features may not have been properly
* configured before other wolfSSL headers were included. If you are using
* an alternative configuration method -- e.g. custom header, or CFLAGS in
* an application build -- then your application can avoid this warning by
* defining WOLFSSL_NO_OPTIONS_H or WOLFSSL_CUSTOM_CONFIG as appropriate.
*/
#warning "No configuration for wolfSSL detected, check header order"
#endif
/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled.
 * The #undef first makes the definition unconditional, so a debug build
 * cannot opt out of certificate debugging from user_settings.h or CFLAGS.
 * NOTE(review): what the certificate debug output contains is not visible
 * in this header - confirm it is acceptable wherever DEBUG_WOLFSSL builds
 * are deployed. */
#ifdef DEBUG_WOLFSSL
#undef WOLFSSL_DEBUG_CERTS
#define WOLFSSL_DEBUG_CERTS
#endif
#include <wolfssl/wolfcrypt/visibility.h>
/*------------------------------------------------------------*/
/* FIPS-ready and FIPS-dev builds pin the reported module version to 7.0.0.
 * Every HAVE_FIPS_VERSION* macro is #undef'd first, so values supplied by
 * user_settings.h or CFLAGS are overridden rather than merged.
 * The major number is deliberately one past the newest certificate, so this
 * version identifies a tree that is ahead of any certified module. */
#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV)
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */
/* of most recent FIPS certificate */
#undef HAVE_FIPS_VERSION
/* HAVE_FIPS_VERSION is the name the version-code macros below read. */
#define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR
#undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */
#undef HAVE_FIPS_VERSION_PATCH
#define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */
#endif
/* Encode a FIPS module version as one integer so that versions can be
 * compared with ordinary relational operators, including inside #if.
 * The encoding is major * 65536 + minor * 256 + patch, so the ordering is
 * only meaningful while minor and patch each stay below 256. */
#define WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch) \
    (((ver_major) * 65536) + ((ver_minor) * 256) + (ver_patch))

/* Two-component form: the same encoding with the patch level fixed at 0. */
#define WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor) \
    WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, 0)

/* Version codes of this build, derived from the HAVE_FIPS* macros:
 *   WOLFSSL_FIPS_VERSION_CODE   - major.minor.patch
 *   WOLFSSL_FIPS_VERSION2_CODE  - major.minor, patch forced to 0
 * A build without HAVE_FIPS encodes as 0.0.0; HAVE_FIPS without an explicit
 * HAVE_FIPS_VERSION encodes as 1.0.0; absent minor/patch components are 0. */
#ifndef HAVE_FIPS
    #define WOLFSSL_FIPS_VERSION_CODE  WOLFSSL_MAKE_FIPS_VERSION3(0, 0, 0)
    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
#elif !defined(HAVE_FIPS_VERSION)
    #define WOLFSSL_FIPS_VERSION_CODE  WOLFSSL_MAKE_FIPS_VERSION3(1, 0, 0)
    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
#elif !defined(HAVE_FIPS_VERSION_MINOR)
    #define WOLFSSL_FIPS_VERSION_CODE \
        WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION, 0, 0)
    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
#elif !defined(HAVE_FIPS_VERSION_PATCH)
    #define WOLFSSL_FIPS_VERSION_CODE \
        WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION, HAVE_FIPS_VERSION_MINOR, 0)
    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
#else
    /* All three components known: only here do the two codes differ. */
    #define WOLFSSL_FIPS_VERSION_CODE \
        WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION, HAVE_FIPS_VERSION_MINOR, \
                                   HAVE_FIPS_VERSION_PATCH)
    #define WOLFSSL_FIPS_VERSION2_CODE \
        WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION, HAVE_FIPS_VERSION_MINOR, 0)
#endif

/* major.minor comparisons against this build (patch level ignored).
 * In a non-FIPS build the code is 0, so FIPS_VERSION_LT() is true for any
 * version above 0.0; callers that mean "old FIPS module" must also test
 * HAVE_FIPS. */
#define FIPS_VERSION_LT(ver_major, ver_minor) \
    (WOLFSSL_FIPS_VERSION2_CODE < WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor))
#define FIPS_VERSION_LE(ver_major, ver_minor) \
    (WOLFSSL_FIPS_VERSION2_CODE <= WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor))
#define FIPS_VERSION_EQ(ver_major, ver_minor) \
    (WOLFSSL_FIPS_VERSION2_CODE == WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor))
#define FIPS_VERSION_GE(ver_major, ver_minor) \
    (WOLFSSL_FIPS_VERSION2_CODE >= WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor))
#define FIPS_VERSION_GT(ver_major, ver_minor) \
    (WOLFSSL_FIPS_VERSION2_CODE > WOLFSSL_MAKE_FIPS_VERSION(ver_major, ver_minor))

/* major.minor.patch comparisons against this build. */
#define FIPS_VERSION3_LT(ver_major, ver_minor, ver_patch) \
    (WOLFSSL_FIPS_VERSION_CODE < \
     WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch))
#define FIPS_VERSION3_LE(ver_major, ver_minor, ver_patch) \
    (WOLFSSL_FIPS_VERSION_CODE <= \
     WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch))
#define FIPS_VERSION3_EQ(ver_major, ver_minor, ver_patch) \
    (WOLFSSL_FIPS_VERSION_CODE == \
     WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch))
#define FIPS_VERSION3_GE(ver_major, ver_minor, ver_patch) \
    (WOLFSSL_FIPS_VERSION_CODE >= \
     WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch))
#define FIPS_VERSION3_GT(ver_major, ver_minor, ver_patch) \
    (WOLFSSL_FIPS_VERSION_CODE > \
     WOLFSSL_MAKE_FIPS_VERSION3(ver_major, ver_minor, ver_patch))
/*------------------------------------------------------------*/
/* make sure old RNG name is used with CTaoCrypt FIPS */
/* The HAVE_FIPS guard matters: FIPS_VERSION_LT(2,0) is also true in a
 * non-FIPS build, where the version code is 0. */
#ifdef HAVE_FIPS
#if FIPS_VERSION_LT(2,0)
/* FIPS modules older than 2.0: the new name WC_RNG maps to the old RNG. */
#define WC_RNG RNG
#else
/* Newer FIPS modules: keep the old name RNG as an alias for WC_RNG, unless
 * RNG is already defined by another library on the system or by another
 * set of headers included by wolfSSL (examples: wolfEngine, wolfProvider
 * and potentially other use-cases), or the build opts out with
 * NO_OLD_RNGNAME. */
#if !defined(RNG) && !defined(NO_OLD_RNGNAME)
#define RNG WC_RNG
#endif
#endif
/* blinding adds API not available yet in FIPS mode */
/* This removes WC_RSA_BLINDING for every HAVE_FIPS build, including builds
 * that requested it in user_settings.h or CFLAGS.
 * NOTE(review): RSA blinding is a timing side-channel countermeasure for
 * private-key operations; confirm the FIPS module in use provides its own
 * protection before relying on this configuration. */
#undef WC_RSA_BLINDING
#endif
/* old FIPS has only AES_BLOCK_SIZE. */
#if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
#define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE
#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */
/* Compile-time validation of the TLS hardening level. The macro must carry
 * a value, and only 112 or 128 (bits of security) is accepted; a bare
 * -DWOLFSSL_HARDEN_TLS, which the compiler defines as 1, is rejected here
 * instead of silently selecting some default level. */
#ifdef WOLFSSL_HARDEN_TLS
#if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128
#error "WOLFSSL_HARDEN_TLS must be defined either to 112 or 128 bits of security."
#endif
#endif
/* Important build-time configuration messages may be saved.
* Enable DEBUG_WOLFSSL and see wolfSSL_Init() for display. */
#define LIBWOLFSSL_CMAKE_OUTPUT ""
/* ---------------------------------------------------------------------------
* Dual Algorithm Certificate Required Features.
* ---------------------------------------------------------------------------
*/
#ifdef WOLFSSL_DUAL_ALG_CERTS
#ifdef NO_RSA
#error "Need RSA or else dual alg cert example will not work."
#endif
#ifndef HAVE_ECC
#error "Need ECDSA or else dual alg cert example will not work."
#endif
#undef WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN
#undef WOLFSSL_CUSTOM_OID
#define WOLFSSL_CUSTOM_OID
#undef HAVE_OID_ENCODING
#define HAVE_OID_ENCODING
#undef WOLFSSL_CERT_EXT
#define WOLFSSL_CERT_EXT
#undef OPENSSL_EXTRA
#define OPENSSL_EXTRA
#undef HAVE_OID_DECODING
#define HAVE_OID_DECODING
#endif /* WOLFSSL_DUAL_ALG_CERTS */
#if defined(_WIN32) && !defined(_M_X64) && \
defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
/* The _M_X64 macro is what's used in the headers for MSC to tell if it
 * has the 64-bit versions of the 128-bit integers available. If one is
 * building on 32-bit Windows with AES-NI, turn off the AES-GCM loop
 * unrolling. */
#define AES_GCM_AESNI_NO_UNROLL
#endif
#ifdef IPHONE
#define SIZEOF_LONG_LONG 8
#endif
#ifdef THREADX
#define SIZEOF_LONG_LONG 8
#endif
#ifdef HAVE_NETX
#ifdef NEED_THREADX_TYPES
#include <types.h>
#endif
#include <nx_api.h>
#endif
#ifdef WOLFSSL_NDS
#include <stddef.h>
#define SIZEOF_LONG_LONG 8
#define socklen_t int
#define IPPROTO_UDP 17
#define IPPROTO_TCP 6
#define NO_WRITEV
#endif
/* Per-board defaults for Arduino builds. */
#if defined(ARDUINO)
#if defined(ESP32)
/* ESP32 under Arduino: applied unless the sketch defines NO_ARDUINO_DEFAULT. */
#ifndef NO_ARDUINO_DEFAULT
#define SIZEOF_LONG_LONG 8
#ifdef FREERTOS
#undef FREERTOS
#endif
#define WOLFSSL_LWIP
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
/* Side-channel posture of the default profile: timing-resistant math and
 * RSA blinding are switched on, cache-attack resistance is switched off.
 * NOTE(review): WC_NO_CACHE_RESISTANT trades a hardening feature for
 * speed; confirm that is acceptable for the target before shipping. */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define WC_NO_CACHE_RESISTANT
#endif /* !NO_ARDUINO_DEFAULT */
#elif defined(__arm__)
/* Other ARM boards get only the I/O and filesystem restrictions; none of
 * the timing-resistance or blinding macros are set in this branch, so they
 * have to come from user_settings.h if wanted. */
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
#elif defined(OTHERBOARD)
/* TODO: define other Arduino boards here */
#endif
#endif
#if defined(WOLFSSL_ESPIDF)
#define SIZEOF_LONG_LONG 8
#ifndef WOLFSSL_MAX_ERROR_SZ
/* Espressif paths can be quite long. Ensure error prints full path. */
#define WOLFSSL_MAX_ERROR_SZ 200
#endif
/* Debug message do not need an additional LF for ESP_LOG */
#define WOLFSSL_DEBUG_LINE_ENDING ""
/* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
* Macros may or may not be defined. If defined, they may have a value of
*
* 0 - not enabled (also the equivalent of not defined)
* 1 - enabled
*
* The naming convention is generally an exact match of wolfSSL macros
* in the Kconfig file. At cmake time, the Kconfig is processed and an
* sdkconfig.h file is created by the ESP-IDF. Any configured options are
* named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that
* are expected to be ESP-IDF specific and may be ambiguous can be named
* with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)]
*
* Note there are some inconsistent macro names that may have been
* used in the esp-wolfssl or other places in the ESP-IDF. They should
* always be included for backward compatibility.
*
* See also: Espressif api-reference kconfig docs.
*
* These settings should be checked and assigned wolfssl equivalents before
* any others.
*
* Only the actual config settings should be defined here. Any others that
* may be application specific should be conditionally defined in the
* respective user_settings.h file.
*
* See the template example for reference:
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
*
* Reminder that by the time we are here, the user_settings.h has already
* been processed. The following settings are additive; Enabled settings
* from user_settings are not disabled here.
*/
#if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \
CONFIG_ESP_WOLFSSL_TEST_LOOP
#define WOLFSSL_TEST_LOOP 1
#else
#define WOLFSSL_TEST_LOOP 0
#endif
#if (defined(CONFIG_DEBUG_WOLFSSL) && \
CONFIG_DEBUG_WOLFSSL) || \
(defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \
CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL )
#define DEBUG_WOLFSSL
#endif
#if defined(CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH) && \
CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
#define WOLFSSL_ENABLE_WOLFSSH
#endif
#if (defined(CONFIG_TEST_ESPIDF_ALL_WOLFSSL) && \
CONFIG_TEST_ESPIDF_ALL_WOLFSSL )
#define TEST_ESPIDF_ALL_WOLFSSL
#endif
#if (defined(CONFIG_WOLFSSL_ALT_CERT_CHAINS) && \
CONFIG_WOLFSSL_ALT_CERT_CHAINS )
#define WOLFSSL_ALT_CERT_CHAINS
#endif
/* Certificate-parsing relaxations selectable from Kconfig. Each is turned
 * on only when its CONFIG_ item is defined with a non-zero value. Both
 * loosen checks the certificate parser would otherwise apply, so leave them
 * off unless a specific peer certificate is known to require them.
 * NOTE(review): per the wolfSSL build-option documentation,
 * WOLFSSL_ASN_ALLOW_0_SERIAL accepts a certificate serial number of zero and
 * WOLFSSL_NO_ASN_STRICT disables strict RFC-compliance checks; the parser
 * itself is not visible here - confirm against the ASN sources. */
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) && \
CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
#define WOLFSSL_ASN_ALLOW_0_SERIAL
#endif
#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && \
CONFIG_WOLFSSL_NO_ASN_STRICT
#define WOLFSSL_NO_ASN_STRICT
#endif
#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) && \
CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE
#endif
#if defined(CONFIG_USE_WOLFSSL_ESP_SDK_TIME) && \
CONFIG_USE_WOLFSSL_ESP_SDK_TIME
#define USE_WOLFSSL_ESP_SDK_TIME
#endif
#if defined(CONFIG_USE_WOLFSSL_ESP_SDK_WIFI) && \
CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
#define USE_WOLFSSL_ESP_SDK_WIFI
#endif
#if defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) && \
CONFIG_WOLFSSL_APPLE_HOMEKIT
#define WOLFSSL_APPLE_HOMEKIT
#endif
#if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \
CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#endif
#if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \
CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#endif
#if defined(CONFIG_TLS_STACK_WOLFSSL)
/* When using ESP-TLS, some old algorithms such as SHA1 are no longer
* enabled in wolfSSL, except for the OpenSSL compatibility. So enable
* that here: */
#define OPENSSL_EXTRA
#endif
/* Optional Apple HomeKit support. See below for related sanity checks. */
#if defined(WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#undef FP_MAX_BITS
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#define HAVE_HKDF
#define WOLFSSL_SHA512
#endif
/* Enable benchmark code via menuconfig, or when not otherwise disabled: */
/* A Kconfig request for the benchmark wins over NO_CRYPT_BENCHMARK: the
 * conflict is reported at compile time and NO_CRYPT_BENCHMARK is removed.
 * Only the presence of CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK is tested, not
 * its value, unlike the value-checked Kconfig items earlier in this section.
 * NOTE(review): the third message names CONFIG_WOLFSSL_ENABLE_BENCHMARK
 * while the macro tested is CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK - confirm
 * which name the user should look for. */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK
#ifdef NO_CRYPT_BENCHMARK
#pragma message("Benchmark conflict:")
#pragma message("-- NO_CRYPT_BENCHMARK defined.")
#pragma message("-- CONFIG_WOLFSSL_ENABLE_BENCHMARK also defined.")
#pragma message("-- NO_CRYPT_BENCHMARK will be undefined.")
#undef NO_CRYPT_BENCHMARK
#endif
#endif
#if !defined(NO_CRYPT_BENCHMARK) || \
defined(CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK)
#define BENCH_EMBEDDED
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
/* See wolfcrypt/benchmark/benchmark.c for debug and other settings: */
/* Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) */
#ifdef CONFIG_ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
#endif
/* Turn on timer debugging (used when CPU cycles not available) */
#ifdef CONFIG_ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
#endif
#endif
/* Typically only used in tests, but available to all apps is
 * the "enable all" feature.
 *
 * This profile exists for algorithm coverage, not as a deployment baseline:
 * among other things it compiles in MD2, RC2, RC4 (WOLFSSL_ALLOW_RC4) and
 * DSA. Firmware meant for the field should leave TEST_ESPIDF_ALL_WOLFSSL
 * undefined and enable only the algorithms it actually needs.
 *
 * None of the macros below is guarded with #ifndef or preceded by #undef,
 * so they are added on top of whatever user_settings.h already defined. */
#if defined(TEST_ESPIDF_ALL_WOLFSSL)
/* Hashes and ciphers, including the legacy ones noted above. */
#define WOLFSSL_MD2
#define HAVE_BLAKE2
#define HAVE_BLAKE2B
#define HAVE_BLAKE2S
#define WC_RC2
#define WOLFSSL_ALLOW_RC4
#define HAVE_POLY1305
#define WOLFSSL_AES_128
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS
/* #define WC_SRTP_KDF */
/* TODO Causes failure with Espressif AES HW Enabled */
/* #define HAVE_AES_ECB */
/* #define HAVE_AESCCM */
/* TODO sanity check when missing HAVE_AES_ECB */
#define WOLFSSL_WOLFSSH
#define HAVE_AESGCM
#define WOLFSSL_AES_COUNTER
#define HAVE_FFDHE
#define HAVE_FFDHE_2048
/* SRP is enabled on every target; only the big-number size differs.
 * NOTE(review): FP_MAX_BITS is defined here without an #undef. The
 * WOLFSSL_APPLE_HOMEKIT section earlier in this header already defines it
 * as (8192 * 2); on ESP8266 that would be a redefinition with a different
 * value - confirm the two options are never combined on that target. */
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO Full size SRP is disabled on the ESP8266 at this time.
 * Low memory issue? */
#define WOLFCRYPT_HAVE_SRP
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#elif defined(CONFIG_IDF_TARGET_ESP32) || \
defined(CONFIG_IDF_TARGET_ESP32S2) || \
defined(CONFIG_IDF_TARGET_ESP32S3)
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
defined(CONFIG_IDF_TARGET_ESP32H2)
/* SRP known to be working on this target: */
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#else
/* For everything else, give a try and see if SRP working: */
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_DH
/* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
 * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
/* #define HAVE_CAMELLIA */
/* DSA requires old SHA */
#define HAVE_DSA
/* Needs SHA512 ? */
#define HAVE_HPKE
/* Not for Espressif? */
/* Memory-constrained targets get a reduced algorithm set. */
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP32H2) || \
defined(CONFIG_IDF_TARGET_ESP8266)
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* ESP8266: ECC and Curve25519 are removed even if requested elsewhere,
 * and a request for ChaCha / XChaCha is a hard build error. */
#undef HAVE_ECC
#undef HAVE_ECC_CDH
#undef HAVE_CURVE25519
#ifdef HAVE_CHACHA
#error "HAVE_CHACHA not supported on ESP8266"
#endif
#ifdef HAVE_XCHACHA
#error "HAVE_XCHACHA not supported on ESP8266"
#endif
#else
#define HAVE_XCHACHA
#define HAVE_CHACHA
/* TODO Not enabled at this time, needs further testing:
 * #define WC_SRTP_KDF
 * #define HAVE_COMP_KEY
 * #define WOLFSSL_HAVE_XMSS
 */
#endif
/* TODO AES-EAX needs testing on this platform */
/* Optionally disable DH
 * #undef HAVE_DH
 * #undef HAVE_FFDHE
 */
/* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
/* NOTE(review): as written, ECC_SHAMIR is defined only when HAVE_ECC is
 * NOT defined, which reads as the opposite of the comment above - confirm
 * the intended condition. */
#ifndef HAVE_ECC
#define ECC_SHAMIR
#endif
#else
#define WOLFSSL_AES_EAX
#define ECC_SHAMIR
#endif
/* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
/* #define WOLFSSL_CAAM */
/* #define WOLFSSL_CAAM_BLOB */
#define WOLFSSL_AES_SIV
#define WOLFSSL_CMAC
#define WOLFSSL_CERT_PIV
/* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
/* #define HAVE_SCRYPT */
#define SCRYPT_TEST_ALL
#define HAVE_X963_KDF
#endif
/* Optionally enable some wolfSSH settings via compiler def or Kconfig */
/* NOTE(review): this section is gated on ESP_ENABLE_WOLFSSH, while the
 * Kconfig mapping earlier in this header turns
 * CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH into WOLFSSL_ENABLE_WOLFSSH - confirm
 * the Kconfig switch really reaches this block. */
#if defined(ESP_ENABLE_WOLFSSH)
/* The default SSH window size is massive for an embedded target.
 * Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* Only the presence of the Kconfig item is tested, so a value of 0 still
 * switches wolfSSH debugging on. */
#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSH)
/* wolfSSH debugging enabled via Kconfig / menuconfig */
#undef DEBUG_WOLFSSH
#define DEBUG_WOLFSSH
#endif
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
/* NOTE(review): the two WOLFSSH_TEST_* macros are defined for every build
 * that sets the gate above, not only for example projects; what they
 * compile in is not visible here - confirm before enabling this section in
 * production firmware. */
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* ML-KEM. */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER
#define CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
#endif
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#endif
#endif
/* Default ESP-IDF profile, applied unless the build defines
 * NO_ESPIDF_DEFAULT. The macros are defined unconditionally (no #ifndef),
 * on top of whatever user_settings.h has already set. */
#ifndef NO_ESPIDF_DEFAULT
#define FREERTOS
#define WOLFSSL_LWIP
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
/* Timing-resistant math is part of the default profile. */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
/* WC_RSA_BLINDING takes up extra space! */
#define WC_RSA_BLINDING
/* Cache Resistant features are on by default, but has performance
 * penalty on embedded systems. May not be needed here. Disabled: */
/* NOTE(review): this switches a side-channel hardening feature off for
 * every ESP-IDF build that keeps the defaults; confirm that is acceptable
 * for the target, or define NO_ESPIDF_DEFAULT and choose the settings
 * individually. */
#define WC_NO_CACHE_RESISTANT
#endif /* !NO_ESPIDF_DEFAULT */
#if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
#error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 cannot be defined without" \
"NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 (enable or disable both)"
#endif
#if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) && \
!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)
#error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 cannot be defined without" \
"NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 (enable or disable both)"
#endif
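/* Legacy Espressif macro names.
 *
 * WOLFSSL_ESPWROOM32 is still accepted and mapped to WOLFSSL_ESP32. The four
 * NO_..._ESP32WROOM32_... names below are rejected with #error so that a
 * build using an old name fails loudly instead of silently keeping hardware
 * acceleration in a state the developer did not intend. Each #error names
 * the replacement macro and the legacy macro that was actually detected.
 * The #undef / #define ahead of each #error maps the old name to the new
 * one before the build is stopped. */
#if defined(WOLFSSL_ESPWROOM32)
/* WOLFSSL_ESPWROOM32 is a legacy macro gate.
** Not to be confused with WOLFSSL_ESPWROOM32SE, naming a specific board */
#undef WOLFSSL_ESP32
#define WOLFSSL_ESP32
#endif
#if defined(NO_ESP32WROOM32_CRYPT)
#undef NO_ESP32WROOM32_CRYPT
#define NO_ESP32_CRYPT
#error "Please use NO_ESP32_CRYPT not NO_ESP32WROOM32_CRYPT"
#endif
#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
#undef NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_HASH
/* The message used to name NO_ESP32WROOM32_CRYPT, which is a different
 * legacy macro from the one tested here. */
#error "Please use NO_WOLFSSL_ESP32_CRYPT_HASH" \
" not " "NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH"
#endif
#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_AES)
#undef NO_WOLFSSL_ESP32WROOM32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_AES
#error "Please use NO_WOLFSSL_ESP32_CRYPT_AES" \
" not " "NO_WOLFSSL_ESP32WROOM32_CRYPT_AES"
#endif
#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI)
#undef NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#error "Please use NO_WOLFSSL_ESP32_CRYPT_RSA_PRI" \
" not " "NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI"
#endif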
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#ifndef NO_ESP32_CRYPT
#define WOLFSSL_ESP32_CRYPT
#if defined(ESP32_USE_RSA_PRIMITIVE) && \
!defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)
#define WOLFSSL_ESP32_CRYPT_RSA_PRI
#define WOLFSSL_SMALL_STACK
#endif
#endif
#if defined(WOLFSSL_SP_RISCV32)
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP32C3) || \
defined(CONFIG_IDF_TARGET_ESP32C6)
/* ok, only the known C2, C3, C6 chips allowed */
#else
#error "WOLFSSL_SP_RISCV32 can only be used on RISC-V architecture"
#endif
#endif
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings */
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#undef HAVE_POLY1305
#define HAVE_POLY1305
#undef HAVE_CHACHA
#define HAVE_CHACHA
#undef HAVE_AESGCM